NCUA’s Regulations and Guidance

Banner image saying "Regulation"

NCUA 12 CFR Section 748.0: Security Program

Each federally insured credit union will;

  • Develop a written security program within 90 days of the effective date of insurance.
  • Designed to protect each credit union office from robberies, burglaries, larcenies, and embezzlement;
  • Ensure the security and confidentiality of member records,
  • Protect against the anticipated threats or hazards to the security or integrity of such records, and
  • Protect against unauthorized access to or use of such records that could result in substantial harm or serious inconvenience to a member;
  • Respond to incidents of unauthorized access to or use of member information that could result in substantial harm or serious inconvenience to a member;
  • Assist in the identification of persons who commit or attempt such actions and crimes,
  • Prevent destruction of vital records as defined in 12 CFR Part 749, and
  • Dispose of any consumer information the Federal credit union maintains or otherwise possesses


Letters to Credit Unions

Risk Alerts

    Third Parties

    Letters to Credit Unions

      NCUA 12 CFR Part 748: Oversee Service Provider Arrangements

      Credit union officials are responsible for planning, directing, and controlling the credit union’s affairs. To fulfill these duties, the officials should require a due diligence review prior to entering into any arrangement with a third party.   Each credit union should:

      • Exercise appropriate due diligence in selecting its service providers;
      • Require its service providers by contract to implement appropriate measures designed to meet the objectives of these guidelines; and
      • Where indicated by the credit union's risk assessment, monitor its service providers to confirm that they have satisfied their obligations

      Business Continuity

      Letters to Credit Unions

      Risk Alerts

      NCUA 12 CFR Part 749 – Records Preservation Program

      • All credit unions must have a written program that includes plans for safeguarding records and reconstructing vital records.

      Federal Financial Institutions Examination Council (FFIEC) Guidance

      September 2022 Cybersecurity Resource Guide for Financial Institutions

      FFIEC IT Examination Handbook InfoBase

      The FFIEC Information Technology Examination Handbook is comprised of individual booklets. These booklets represent a series of updates to the existing 1996 FFIEC Information Systems Examination Handbook. They address significant changes in the financial institution technology since 1996.They incorporate changes in technology-related risks and controls and follow a risk-based approach to evaluating risk management practices. The booklets provide valuable information to both examiners and financial institution management.

      FFIEC InfoBase Booklets

      Business Continuity Management
      Development and Acquisition
      Information Security
      Architecture, Infrastructure, and Operations
      Outsourcing Technology Services
      Retail Payment Systems
      Supervision of Technology Service Providers (TSP)
      Wholesale Payment Systems

      Reports to Congress

      Cybersecurity and Credit Union System Resilience - June 27, 2022

      Cybersecurity and Credit Union System Resilience - June 30, 2021

      Last modified on